<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>kali工具箱</title>
<script src="./static/bootstrap.min.js"></script>
<link rel="stylesheet" href="./static/main.css">
<link rel="stylesheet" href="./static/bootstrap.min.css">
<style type="text/css" id="syntaxhighlighteranchor"></style>
</head>
<main class="main-container ng-scope" ng-view="">
<div class="main receptacle post-view ng-scope">
<article class="entry ng-scope" ng-controller="EntryCtrl" ui-lightbox="">
<section class="entry-content ng-binding" ng-bind-html="postContentTrustedHtml">
<section class="l-section"><div class="l-section-h i-cf"><h2>plecost Package Description</h2>
<p style="text-align: justify;">WordPress finger printer tool, plecost search and retrieve information about the plugins versions installed in WordPress systems. It can analyze a single URL or perform an analysis based on the results indexed by Google. Additionally displays CVE code associated with each plugin, if there. Plecost retrieves the information contained on Web sites supported by WordPress, and also allows a search on the results indexed by Google.</p>
<p>Source: https://code.google.com/p/plecost/<br>
<a href="http://code.google.com/p/plecost/" variation="deepblue" target="blank">plecost Homepage</a> | <a href="http://git.kali.org/gitweb/?p=packages/plecost.git;a=summary" variation="deepblue" target="blank">Kali plecost Repo</a></p>
<ul>
<li>Author: Francisco Jesus Gomez, Daniel Garcia Garcia</li>
<li>License: GPLv3</li>
</ul>
<h3>Tools included in the plecost package</h3>
<h5>plecost</h5>
<code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="7d0f1212093d161c1114">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# plecost -h<br>
<br>
////////////////////////////////////////////<br>
// ..................................DMI...<br>
// .............................:MMMM......<br>
// .........................$MMMMM:........<br>
// .........M.....,M,=NMMMMMMMMD...........<br>
// ........MMN...MMMMMMMMMMMM,.............<br>
// .......MMMMMMMMMMMMMMMMM~...............<br>
// .......MMMMMMMMMMMMMMM..................<br>
// ....?MMMMMMMMMMMMMMMN$I.................<br>
// .?.MMMMMMMMMMMMMMMMMMMMMM...............<br>
// .MMMMMMMMMMMMMMN........................<br>
// 7MMMMMMMMMMMMMON$.......................<br>
// ZMMMMMMMMMMMMMMMMMM.......plecost.......<br>
// .:MMMMMMMZ~7MMMMMMMMMO..................<br>
// ....~+:.................................<br>
//<br>
// Plecost - Wordpress finger printer Tool (with threads support) 0.2.2-9-beta<br>
//<br>
// Developed by:<br>
//        Francisco Jesus Gomez aka (<a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="7c1a1a0e1d12063c1512150d091d521f1311">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>)<br>
//        Daniel Garcia Garcia (<a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="87e3e6e9eec7eee9eef6f2e6a9e4e8ea">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>)<br>
//<br>
// Info: http://iniqua.com/labs/<br>
// Bug report: <a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="a9d9c5cccac6dadde9c0c7c0d8dcc887cac6c4">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script><br>
<br>
<br>
Usage: /usr/bin/plecost [options] [ URL | [-l num] -G]<br>
<br>
<br>
Google search options:<br>
    -l num    : Limit number of results for each plugin in google.<br>
    -G        : Google search mode<br>
<br>
Options:<br>
    -n        : Number of plugins to use (Default all - more than 7000).<br>
    -c        : Check plugins only with CVE associated.<br>
    -R file   : Reload plugin list. Use -n option to control the size (This take several minutes)<br>
    -o file   : Output file. (Default "output.txt")<br>
    -i file   : Input plugin list. (Need to start the program)<br>
    -s time   : Min sleep time between two probes. Time in seconds. (Default 10)<br>
    -M time   : Max sleep time between two probes. Time in seconds. (Default 20)<br>
    -t num    : Number of threads. (Default 1)<br>
    -h        : Display help. (More info: http://iniqua.com/labs/)<br>
<br>
Examples:<br>
<br>
  * Reload first 5 plugins list:<br>
        plecost -R plugins.txt -n 5<br>
  * Search vulnerable sites for first 5 plugins:<br>
        plecost -n 5 -G -i plugins.txt<br>
  * Search plugins with 20 threads, sleep time between 12 and 30 seconds for www.example.com:<br>
        plecost -i plugin_list.txt -s 12 -M 30 -t 20 -o results.txt www.example.com</code>
<h3>plecost Usage Example</h3>
<p>Use 100 plugins <b><i>(-n 100)</i></b>, sleep for 10 seconds between probes <b><i>(-s 10)</i></b> but no more than 15 <b><i>(-M 15)</i></b> and use the plugin list <b><i>(-i /usr/share/plecost/wp_plugin_list.txt)</i></b> to scan the given URL <b><i>(192.168.1.202/wordpress)<i></i></i></b>:</p>
<code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="51233e3e25113a303d38">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# plecost -n 100 -s 10 -M 15 -i /usr/share/plecost/wp_plugin_list.txt 192.168.1.202/wordpress<br>
[*] Num of checks set to: 100<br>
<br>
-------------------------------------------------<br>
[*] Input plugin list set to: /usr/share/plecost/wp_plugin_list.txt<br>
[*] Min sleep time set to: 10<br>
[*] Max sleep time set to: 15<br>
-------------------------------------------------<br>
<br>
==&gt; Results for: 192.168.1.202/wordpress &lt;==<br>
<br>
[i] Wordpress version found:  3.9.1<br>
[i] Wordpress last public version: 3.9.1<br>
<br>
<br>
[*] Search for installed plugins<br>
<br>
<br>
[i] Plugin found: akismet<br>
    |_Latest version:  2.4.0<br>
    |_ Installed version: 3.0.0<br>
    |_CVE list: <br>
    |___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)<br>
    |___CVE-2007-2714: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2714)<br>
    |___CVE-2006-4743: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4743)<br>
    |___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)<br>
    |___CVE-2007-2714: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2714)<br>
    |___CVE-2006-4743: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4743)</code>
</div></section><div style="display:none">
<script src="//s11.cnzz.com/z_stat.php?id=1260038378&web_id=1260038378" language="JavaScript"></script>
</div>
</main></body></html>
